Logging

We are trying to set up logging for QRadar following their documentation to add the configuration from the command line. I see that you can set logging from the Security Console. Is there any reason we can't do this from the GUI? Note: we only want to send logs to one server.

QRadar steps:

Version 8

    /opt/rsa/am/utils/resources/ims.properties

3. Add the following entries to the ims.properties file:

    ims.logging.audit.admin.syslog_host = <IP address>
    ims.logging.audit.admin.use_os_logger = true
    ims.logging.audit.runtime.syslog_host = <IP address>
    ims.logging.audit.runtime.use_os_logger = true
    ims.logging.system.syslog_host = <IP address>
    ims.logging.system.use_os_logger = true

   Where <IP address> is the IP address or host name of IBM QRadar.

4. Save the ims.properties file.

5. Open the following file for editing:

    /etc/syslog.conf

6. Type the following command to add QRadar as a syslog entry:

    *.* @<IP address>

   Where <IP address> is the IP address or host name of QRadar.

7. Type the following command to restart the syslog services for Linux.

    service syslog restart

Those steps of editing the ims.properties file were used for an older unsupported version 7.x of Authentication Manager.

In Authentication Manager 8.x, there is no need to edit any files on the command line; this is all set in the Security Console under Setup, System Settings, Logging, (pick a server), and you can then see the syslog options and set one destination host as the syslog destination.

Here I have not picked any syslog destinations, but you can add one syslog destination if you wanted for each type of log.
